Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Gunkerty Jeb writes "Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple's announcement earlier this month that all applications submitted to the Mac App store must implement sandboxing as of March 1, 2012. Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems. Researchers at Core however revealed Nov. 10 that they had warned Apple in September about a vulnerability in their sandboxing approach. According to Core's advisory, several of the default predefined sandbox profiles fail to 'properly limit all the available mechanisms.' As a result, the sandboxing restrictions can be circumvented through the use of Apple events."

No, this is unrelated to the upcoming Sandbox requirements. This is not related to the iOS style sandbox requirements coming to the Mac AppStore at all... Just some garbage slashdot is spreading...

The summary is a direct quote from the article. Go bitch at them for "spreading garbage". I'm guessing that your definition of "garbage" is really "anything which violates your Pristine Vision of Apple Security." Fuck off, bitches.

It's the same mechanism that the Mac App Store uses, though, I think. The available rules are just different. While that does mean this vulnerability doesn't affect the App Store, I'm not sure I'd trust Apple to get that right after this.

This is a fake story about a fake hole. The "vulnerability" is that some sandbox profile, called "no-network", which isn't part of App Sandbox (a totally different sandbox technology, that will be required for apps on March 2012), but rather part of the legacy sandbox technology that was unused by 3rd party developers, only prevents network access. Yes, the no-network profile only prevents network access.

Ever since JavaScript, iOS, and Android became widely hyped, we've heard a lot of fools screaming on about how sandboxing is somehow the solution to all of computing's ills. They claim it'll provide perfect security, and processes will be totally isolated from one another, and performance won't suffer, and a whole host of other claims that are utter bullshit.

This incident is so important just because it blows a hole in everything these sandbox-loving idiots are claiming. This is important because it's reali

I dont think "strawmen" describes his post-- what idea did he set up for ridicule and then tear down?

The first two sentences are both statements of fact that are not true:

"""Ever since JavaScript, iOS, and Android became widely hyped, we've heard a lot of fools screaming on about how sandboxing is somehow the solution to all of computing's ills. They claim it'll provide perfect security, and processes will be totally isolated from one another, and performance won't suffer, and a whole host of other claims that are utter bullshit."""

Yeah, so what? Fix bugs when they occur and move on. Sandboxes aren't interesting because they are the end solution to all computer security problems, but because without them you have virtually no protection at all. Sandboxes are a damn good step into the right direction.

1. no-network profile does *not* prevent network access see PoC [1]2. The concept itself is broken, a sandbox which *only* prevents network access is completely useless. As a result network access is available to sanboxed applications.

2. The concept itself is broken, a sandbox which *only* prevents network access is completely useless.

A sandbox doesn't have to be watertight to be useful, as the goal isn't just blocking malicious applications, but also inspecting and controlling legitimate applications. Games for example often do network access, even when not needed, a personal firewall or sandbox can prevent that. That the protection can be circumvented isn't an issue here, as that would mean breaking the law and most companies wouldn't go that far just to collect some user data.

I think what he means is that if it only tries to prevent network access but does not properly restrict access to other parts of the system, then the application can indirectly get at least some network access.

The only idiot here is you Mikey "400 accounts and counting" dipshit, if you honestly don't know the difference between a sandbox and a firewall. The WHOLE POINT of a sandbox is to restrict the entire application to a pre approved reduced permission set, such as the sandboxing on Chromium or the Windows "low rights mode' for browsers like Chromium and IE, whereas a firewall is only for restricting access to the Internet based on either pre approved rules or heuristics.

This is a fake story about a fake hole. The "vulnerability" is that some sandbox profile, called "no-network", which isn't part of App Sandbox (a totally different sandbox technology, that will be required for apps on March 2012), but rather part of the legacy sandbox technology that was unused by 3rd party developers, only prevents network access. Yes, the no-network profile only prevents network access.

It's sad what's happened to Core Security in the past year or so.

No, it's not a fake vulnerability. You should read the report (RTFR?).

The vulnerability is about how apple events can be used to bypass the sandboxing of an application, and in this particular case to gain unrestrained network access even though the app is tagged as "no-network". According to the report it can be used to bypass other restrictions too.

From reading the fine report, I can see clearly that the authors are conflating the Leopard-era sandboxing technology with App Sandbox -- which is new in Lion and is what is required by the Mac App Store. Which lends seriously doubts about the credibility of the authors. Go ahead, make a project in Xcode, enable App Sandoxing, and try to send an Apple event...it doesn't work. The authors should have tried the same before making asses out of themselves.

You're absolutely right. This is always the path taken with sandboxing. Once people realize that the sandbox is preventing them from getting real work done, the next hyped "feature" is usually some way to bypass the sandbox.

This is exactly what IPC was on UNIX systems, for instance. It allowed unrelated and isolated processes to communicate with one another. For a while it was one of the big selling points of certain commercial UNIX variants.

Apple and Microsoft (with Windows 8) are merely 30 years behind those who were the true leaders. But instead of learning from history, they'll spend the next few years causing numerous problems thanks to sandboxing, and then sometime around 2015 or 2016 we'll see support for bypassing the sandbox start getting hyped as a competitive advantage.

This is exactly what IPC was on UNIX systems, for instance. It allowed unrelated and isolated processes to communicate with one another. For a while it was one of the big selling points of certain commercial UNIX variants.

The wonderful thing about standards is that there are so many of them. Today there's SysV IPC, and there's CORBA, and there's dbus, and there's proprietary interfaces with shared memory, and...

You're absolutely right. This is always the path taken with sandboxing. Once people realize that the sandbox is preventing them from getting real work done, the next hyped "feature" is usually some way to bypass the sandbox.

No they won't because "people" don't understand filesystems, that's a geek thing. That's why so many people have all their files on their desktop. Computing is finally tilting away from geeks and towards making norms comfortable. Don't worry, you'll always have Linux.

The fun thing about sandboxing of the type Apple have come up with is that it actually makes it very hard - or even impossible - for app developers to come up with a better way of organising and finding files than the filesystem. The only way for any application to access any file outside its sandbox or a handful of special directories that it can be granted privileges for (Photos and probably a couple of other ones) is if the user opens that file from the standard OS-provided file open dialog. So you can c

Just go look at some Windows users in the wild. The fact that they had to create an automatic desktop cleanup wizard for Windows speaks volumes. People who do this all say the same thing: it's convenient, they know where the files are and don't have to think about it. We are catagorizers, we think in trees and hierarchies, normal people just use stacks. As in: a stack of papers on my desk ("it's in here somewhere") and a stack of files on their desktop.

Part of this is solved by search, like Gmail does: don't sort your mail, just search it. Apple also does this with Spotlight, its system wide search. Another solution is to keep data tied to an app. Arguably Apple already does this with iTunes and iPhoto which are backed by folders but folders you never need to go into because you access your data through the apps. The data stays in the app where you "left it" until you explicitely export it in some way. This seems much more intuitive to normal people and works well with sandboxing. It's also abhorrent to geeks because they fear lock-in although personally I think it's difficult to imagine lock-in in an internet connected world where the first feature users ask of their software is easy sharing.

I really think this has far more to do with your personality and organizational type than geek vs non-geek. It's pretty well established that people organize in different ways (stackers, spreaders, filers, etc). I guess it's probable that there's some correlation in that perhaps computers geeks are more likely to be filers, but that's not been my personal experience.

I keep a ton of files on my Desktop at any one time. I don't think that in any way disqualifies me from being a geek! Likewise, one of the arti

I'm painting with very broad strokes here of course. You can be a geek and a slob, and some artists are quite geeky:-) I keep a lot of files dumped in my "Downloads" folder myself, but others are meticulously organized. What I mean is that most users can't seem to grasp hierarchical filesystems let alone fully use them, just like some people can't seem to wrap their heads around pointers.

under the sandbox adobe CS apps will not be able to work with each other and even then it will be a hard fit into the app store.The top of the line pack is US$ 2,599 way over the apps store max price of $999 and even then that is like $780 for apples cut now I think it costs way less then that to sell it on your own per copy.

also adobe has upgrade pricing as well. Will the app store system let you have up gate prices? even from older vers not in the app store.

That's ok, we absolutely don't want to have every app bought from the app store and run in a sandbox. That makes it too easy for Apple to lock down their entire OS, at which point I have to trash my Mac.

That's ok, we absolutely don't want to have every app bought from the app store and run in a sandbox. That makes it too easy for Apple to lock down their entire OS, at which point I have to trash my Mac.

Besides, Adobe has figured out an even better way to screw their users - they're going to put their heads in the cloud and their fingers in our wallets by switching to a subscription service [adobe.com].

No. You don't have to trash your Mac. OS X 10.5.8, Leopard, has the following useful characteristics:

1) it allows 64-bit data, so apps written for it can process massive data sets when used with 64-bit capable processors;

2) it comes on optical media, and is both easily installed and duplicated;

3) it is beginning to receive support from the user community (as opposed to Apple) for the bugs Apple left in it; (console messages in error with cron operations, anyone? -- not anymore)

4) it supports a wider range of available drivers than either Snow Leopard or Lion (or presumably, any of their successors);

5) it supports PPC emulation, consequently doesn't obsolete all those years of software, as does Lion;

6) Apple updates for Leopard that don't implement the problems of Snow Leopard and Lion are available as files;

7) Most responsible developers still support Leopard (it's still used by ~30% of the installed base)

8) The more people use Leopard, the healthier the OS X software community will be

9) No sandboxing -- straight up access according to user permissions. Terrific resistance to non-privileged exploits; the usual vulnerabilities if you're gullible enough to install malware and give it access.

10) Available for PPC, so entire spectrum of Macs for many years are usable and available as a market. If it ain't broke... don't stop supporting it.

Speaking as a developer, my company is aiming straight at, and developing under, Leopard; though we do test under Snow Leopard and Lion. It's a shame to have to give up some of the API's we could otherwise use (no one here is interested in implementing features that only work under later OS versions), but clearly it's the right thing to do: unlike Apple, we're not inclined to leave users behind, which is the philosophy that clearly underlies 10.6 and later.

Leopard is kind of like Apple's version of XP, except without the built-in obsolescence of "activation." It'll work natively for many, many years yet and with the advent of VMs, probably decades after that. It is easily "Hackintoshable." And in the meantime, if enough people drag their feet, maybe even Apple can be made to "get the message" that it isn't OS X that needs to move in the direction of IOS... it's IOS that needs to move in the direction of OS X. You know, things like nested folders, apps that can work filesystem-wide, etc.

it's IOS that needs to move in the direction of OS X. You know, things like nested folders, apps that can work filesystem-wide, etc

That would cut directly into Apple's bottom line. Their business model is built around locking both the user and developer into a tightly controlled environment where every transaction generates revenue for them. In the past companies had to court developers, now Apple have created a product where developers desperately want to be on it no matter how bad the deal is. It is more like the game console market than the PC market, except that Apple doesn't have to sell the product at a loss for years before maki

Too bad Mac devs were all so eager to go Intel only. Leopard is still useful, but your just frozen in time, unable to use newer applications.

Well, no, actually.

You're unable to use applications that use later OS's as a target. You can, however, use many, many brand new apps (and many, including ours, that aren't even out yet will be usable as well), because it is 100% practical and reasonable to target Leopard and work just fine on Snow Leopard and Lion at the same time -- you can even do it by int

Sandboxing, Apple has argued, limits the resources applications can access and makes it more difficult for malware to compromise systems.

I think everyone argues that sandboxing limits the resources applications can access and makes it more difficult for malware to compromise systems. Well, at least for a fully functional application sandbox.

This will not happen. I see this bullshit paranoia all the time. The mac will NOT be app-store only. However, if you CHOOSE to run app store only apps, you get sandboxed, vetted apps from a trusted vendor. Windows 8 is going the same way.

I don't think you appreciate how much more profit Apple makes off their non-PC products these days compared to their Macbooks and desktops. You may still think of Apple as primarily a PC company, but THEY don't. I think they accepted the fact that they would never be dominant in the PC market years ago, but they CAN be dominant in the MP3-player/cellphone/tablet/etc. markets. So guess what they're going to focus on?

Not only would it not surprise me if Apple made their PC's app-store only, but it wouldn't ev

Apple built their business on good decision making, no question. But also no question, they've made grave errors recently. Why do you think Lion has such a low adoption? Why do you think the Apple fora are full of complaints? Why do you think so many IOS apps are crashing, and why the advertised features of IOS5 don't work? Why is it that Apple isn't doing sufficient testing prior to release? Why is it that they are leaving so many existing, recent customers out in the cold? Why is it that they are dumbing down OS X applications? They're aiming at the middle of the Gaussian now... and that isn't, historically speaking, their Mac customer base.

As the financial dweebs say: past history is no guarantee of future performance. But past history is what gets a company to wherever they are, today.

As soon as you learn to distinguish these two concepts, you'll begin to understand what is happening.

Lion's 16% installed base [theverge.com] is NOT bad after only 4 months. The Apple fora have always been full of complaints. All the rest is just opinions and conjecture on your part, how about some figures ?

No? $29.95 for all your machines? Sounds like a bloody bargain to me -- seriously, it does. Saving a measly $29.95 as compared to 250 new features [apple.com] for your Mac? Some of which, like resizing windows from every edge, and improved gestures, and better networking, to name just a few, are highly desirable. Also, you don't even need media -- you can just download the thing. Instant access, amazingly low price, extremely generous licensing, lots of new feat

How about because.... Lion breaks a whole lotta stuff (like, every PPC app and driver anyone ever owned) on top of what Snow Leopard broke [wikidot.com] ? Oh yeah. That would be why.:o)

We have one computer at work that runs Leopard and still has an ancient PPC version of an early Photoshop CS. But really, for most mac users, is this even remotely relevant?

Also, that's why there are nearly twice as many people still using Leopard (10.5.8), at about 30%. Because Lion is a lousy release on top of another lousy release: Snow Leopard. This is true even though if they upgraded today, they'd get those 250 Lion features plus the Snow Leopard features. [wikipedia.org]

Again, do most Mac users (beyond the power users) ever upgrade their OS? Heck, according to one of your links, 6% of all Mac users are still running 6+ year old system software! At my office we don't upgrade windows computers to new major versions, and we VERY RARELY upgrade macs to new major versions. We've got a tiger system and a win2

We have one computer at work that runs Leopard and still has an ancient PPC version of an early Photoshop CS. But really, for most mac users, is this even remotely relevant?

It's relevant for those Mac users who have PPC apps they want to keep using, and particularly so for those than have no upgrade path. And then there's this question: Why drop the PPC emulation at all? Wasn't broke. Didn't need fixing. But now it's gone. And your "ancient PPC version of an early Photoshop" just went from useful to zero i

It's relevant for those Mac users who have PPC apps they want to keep using, and particularly so for those than have no upgrade path

What I'm saying is, before making a huge deal out of this, it would be useful or informative to actually quantify the issues. For instance, I would hazard a guess that 99% of current Intel mac users never use PPC emulation/rosetta. I don't know if that's true or not, but like I said, I would bet that for most users, it's a non-issue.

Photoshop CS is nearly 9 years old. Yeah, I'm sad it won't run on the latest computers, but it still runs just fine on my G4 Powerbook, our G5 Powermac, our Intel Mac Pros, and

If you rely on ancident(sic) software, don't upgrade to the latest and greatest hardware. Just doesn't seem like that big a deal!

But Apple intentionally made it easy, and desirable, to upgrade to the Intel hardware... they did it by making sure you could run your PPC software, and bring it forward. So there was little reason not to upgrade (barring incompatible apps as the one you mention... hadn't heard of anything that failed to run, previously.) On the contrary, PPC apps kept working and that was *great

Yeah, I've only seen the one program that won't run on Intel, but I've only ever TRIED two programs. This one (http://www.kytek.com/ [kytek.com]) and Photoshop. If you need PPC, you can always virtualize Leopard and run PPC apps on there (ironic, no?). I'm not saying it's not unfortunate that PPC support is gone, what I'm saying is that for the vast majority of mac users (myself included), it just really doesn't matter. Apple hasn't sold PPC macs in over 5 years. They made it extremely easy for developers to develop fo

I don't believe for one moment that is does have low adoption. A couple of days ago an ad company called Chitka put out a press release saying Lion adoption was slowing. But everything other than that, including from sources that are well known, indicate that Lion has had the fastest adoption of any OSX version up to now.

iOS5 and Lion certainly have had some teething problems. But only the kind of things one would expect to get fixed in point releases. I see from another post of yours that you are sticking

Many people are not upgrading because there's no need to, and because application support is lagging. It has been only fairly recently (last year or so) that some macports started working correctly on snow leopard. There are still ports that do not work when compiled for 64 bits, so I still compile macports for 32 bits. The reason to update to 10.6, for me, was speed and stability. Those were killer features. Lion doesn't have anything that would be a killer feature, not for me at least.

if apps are crashing and drivers don't work and features don't work and data is being lost and batteries are being consumed too fast at release time... they're not doing enough testing. Or is that too complex an idea for you to wrap your head around? Go read the apple support forums, for FSM's sake. Your profound ignorance is annoying.

Why is it that they are leaving so many existing, recent customers out in the cold?

[[citation needed]]

Seriously? Ok, starting with Snow Leopard, there's a huge list [wikidot.com]. With Lion, I'm just going to point at them dropping the PPC emulator and see if you get it (keeping mind that there are many additional issues similar to those at the above Snow Leopard incompatibility monitor. But, you know, Google it [lmgtfy.com].)

They're aiming at the middle of the Gaussian now... and that isn't, historically speaking, their Mac customer base.

Customers were used to using drivers for scanners and etc, Apple took that away (effectively taking away the supported hardware) in Snow Leopard by breaking tons of them -- and never going back to fix them.

That's a third party problem, they need to support their own devices.

Customers were used to being able to run the PPC apps they had spent many dollars on... Apple took that away in Lion.

After they licensed very expensive software (Rosetta) to give you years to ween yourself of off PPC. I find it hard to imagine another OS vendor expending that much effort to do a seamless transition, even Bill Gates was impressed they pulled the intel switch off as seamlessly as Apple did. Ungrateful much ?

Customers have been used to apps (oh, I dunno, like Photoshop?) that were part of a system of apps that worked with their data, and Apple's taking that away within the bounds of the app store... and you think it's unlikely that this policy will spread outside the store?

Yes, they're not going to piss off a sizeable part of their customer base by making it impossible to run Photoshop or other Pro apps.

Buddy, Apple does what it wants -- they are *famous* for doing "teh stupidz" -- folders that don't nest under IOS, "wifi sync" that doesn't work under Leopard, a 4-year old native OS, while it does under XP, a ten year old non-native OS, they break the living hell out of IOS apps with just about every "upgrade", forcing developers to put up Yet Another Version of their app to correct for the incompatibilities...

Nested folders are a bad idea. People don't get nested hierarchies, spend some time watching non-geeks use computers and you'll see.Leopard is down to 22% market share [theverge.com], XP only just dipped below 50% this summer [cnet.com]. There's a vast amount of XP machines out there, so unfortunately Apple should expend the effort to support them.iOS is a platform that's developing at an enormous pace because mobile is so competitive and fast evolving. Change or get left behind is the name of the game, accumulating backwards compatibility cruft à la Windows would be deadly. That said I have not heard many complaints about breakages.

When your reasoning depends upon Apple doing things because customers have expectations, your reasoning is no better than a random guess. Apple makes roadmaps, has "visions", and then aims at them. Up until Leopard and IOS4, they were doing pretty well at hitting the target, though of course everyone wanted more. 10.6 and later, IOS5... these are huge bags of fail from several perspectives, most especially from the one you're using to make your assertion: Apple doesn't aim at keeping customers expectations static.

You obviously don't like iOS5 and Lion. There are a lot of us who would beg to differ.

Customers were used to using drivers for scanners and etc, Apple took that away (effectively taking away the supported hardware) in Snow Leopard by breaking tons of them -- and never going back to fix them.

That's a third party problem, they need to support their own devices.

Yeah, which is why ypu should shut up about Linux not having a stable ABI. Wait... what OS are we talking about?

newsflash: users don't care about who's responsibility it is, they blame whoever changed the system. I have a client who is upset that their 8 year old office printer isn't fully functional under Windows 7, and they can't be convinced that that isn't Microsoft's fault.

It would? How come they let Apple sell IOS apps only from the app store, then? In other words, I can't make an IOS app myself, and sell it to you myself. I have to use the app store. And the EU clearly allows this. How does that fit in with your assertion?

I get my scanner drivers from the manufacturer, don't see the problem.

And if the scanner manufacturer made your driver a while back, and it worked fine, but won't under Lion or Snow L

I would guess, that IF the Mac would have had been closed down from the start (only allowing App store downloads), then it would be no problems with regulators. But, since the Mac is open, they cannot close it without getting the regulators on their throats. It would indeed be market abuse, if they started to require that existing developers must go through the App Store, share 30% revenue or go bust (just see the reactions after Apple started to require that all magazine subscriptions would go through the

flash forward, year 2014: major retailers are announcing they'll no longer sell computer or game software in their stores, yet they'll sell passcodes which will allow you to download the software from the major online app stores, this passcode will give you a retailer defined discount. Hint..{apply for your patent now!}

From: we hate microsoft, apple, intel, dell, and hp.

RMS for president!

satellite FAP kills it.4g caps to low.Cable ok but caps need to go up and some systems may need more nodes splits to fit the load in.DSL needs to move up faster speeds with more Adsl2 / other newer techs, some people max out at 1.5 due to being far from the CO or RT.

Steam can't run in a sandbox so apple can lock them out if they move to more of a app store only system.

...and the same is true of MS Office, Adobe CS, Parallels/VMWare etc. So maybe, just maybe, Apple isn't going to lock down OS X until people are no longer buying Macs to run those applications.

Sure they could decide to go this way - in which case I could feed a Linux or Windows disc in my Mac and give Apple up as a bad job. Personally, I'd be more worried as to whether MS is going to push UEFI secure boot onto every OEM, making it hard to buy any hardware that let you choose which OS to run.

OTOH the App Store could develop as somewhere that it was safe for a non-Admin account (Grandad, kids, mere employees) to install software from. The whole system wouldn't need to be locked down.

business use will drive UEFI with lot's on xp / 7. At least windows 7 will have to be able to boot that UEFI mode and Linux is used by business for stuff as well alot of the web severs so that is a big area that the OEM will not want to be locked out of.

What has not yet been lifted in this thread is that OSX and IOS
are starting to look a lot more like each other, or OSX is looking
a lot more like IOS since Lion upgrade, i think we will see more
and more aspects of the mac being locked in.
I am seriously looking at going back to Debian for my desktop.

Agreed; clearly, both environments are going in the wrong direction. IOS needs to become more OS X-like, and OS X needs further development in its natural direction, which is exactly opposite that of where IOS is today.

Someone at Apple has gotten the wrong idea from the fact that IOS, with its many limits, was good enough for a tablet; they've extrapolated that to think it means that limits are a good thing. They aren't. The best tablet will be the most powerful and flexible tablet, and that won't be one with all the limits we presently see. It'll be one that can legitimately replace the desktop for just about anything you can imagine.

Apple is clearly dominating the tablet space right now, but as soon as real operating systems with serious applications hit tablets (which I think is still a little way away due to hardware limitations), Apple's going to be left behind in a flash unless they release OS X for their tablets. I'm a huge iPad user, and I run into its limits each and every day. I look forward to a more powerful alternative, something like OS X on a tablet would be "just the thing."

Apple is clearly dominating the tablet space right now, but as soon as real operating systems with serious applications hit tablets

Those tablets have been available for well over a decade and they bombed in the marked because nobody wants those fragile pieces of tech. The solution to making a more powerful tablet is in improving iOS, not trying to cram a fragile maintenance heavy desktop OS on a tablet. The future in mainstream computing lies in computers that everybody can use and desktop computers ain't those machines and without radical changes they never will be, seeing how they barely have changed at all in the last decade.

I think -- and we're both guessing here -- that those tablets failed because (a) they were WAY too expensive, and (b) no one had really worked out how a touch interface should work (a stylus sucks, trust me, been there, bloody hated that.) Leopard is a lot less fragile than Windows circa ten years ago, or Linux, which still isn't mature enough or stable enough to consider as of today, IMHO -- it still doesn't even have a decent set of non-encumbered/poisoned/costly GUI widgets.

Microsoft was pushing Windows for Tablets for years. No one was interested. Tablets certainly do not need a desktop type OS. Furthermore, the ease and consistency of download and install with the App Store has been a boon to OSX. There's a way in which learning lessons from iOS is good for OSX.

They are probably going to converge although no one knows when (definitely not in the short term though, that's the Windows 8 approach.) But the end result won't look like today's iOS. The current iOS is like the orignal Macintosh: can we see its influence on the mac today ? Absolutely. Today's macs however are different in many ways and the make different compromises because they not only serve different needs but they have evolved with the times. The "converged Apple OS" is to iOS as the 128K Mac is to to

With all the recent discussion about software version numbering.. and how it is now redundant.. can someone from the 'I don't think version numbers are needed at all' side of the fence comment regarding how they would have referred to "Mac OS X 10.7x, 10.6x and 10.5x" in the context of this story?

I recently had a problem with Chrome 9. Took me ages to determine that it was chrome 9 that was the problem, given that it is not an issue on Chrome 11. Just glad my issue wasn't security related (some of the google pages would not render and were iteratively reloading content).

Why can't everything be run in its own sandbox? Isn't this where IT security is heading?

Why can't everything be run in its own sandbox? Isn't this where IT security is heading?

Because we've tried it that way many time before, and it's just not practical for getting real work done.

The typical process model offered by most OSes created within the past 30 years already provides most of the benefits of a sandbox. The processes are isolated, they can be denied access to certain resources, and they can abstract away the physical hardware. But then we find that we need to share data between applications in order to make software that's actually useful. That's why we have files, IPC, net

Lion, Snow Leopard and Leopard respectively, updates can be referred to by release date. I think the names are better known than the version numbers by a lot of people. I don't think version numbers are redundant by the way but they could have been completely avoided in this story.

Okay... so, a version released on 09.05.2011, when was that released?Well, depends on whether the maker is U.S. based or somewhere else in the world.(there are two logical ways of ordering dates, detail->less detail->least detail, or least detail->more detail->most detail. That translates to day-month-year, or year-month-day. Then there is the U.S. way, which would be stuck on quite a few bits of software.)

So we would have numbers going both ways, sometimes within the same company (with offices

As it happens I am currently a Configuration Manager.. to answer this and the GP.. this is something which is currently a royal pain to deal with.. and not just for databases. It happens all over the place with values with multiple meanings. Not everything translates these 'common' values, such as dates, into the "local" or "correct" value.

I recently spent a whole month sorting this out for application CIs.. it's not pretty or fun to deal with.

This is just one more example of Apple being unaware/clueless of tech outside of Apple. I sincerely hope Apple isn't claiming this as another one of their innovations.

The fundamental approach is flawed. They chose to use a special "launchd" app to control this rather than adding the extra security to the OS kernel fork/exec. Hence, the security flaw that these researchers found.

In typical Apple fashion, after being notified, they're trying to sweep it under the rug by revising the developer documenta